Collaborating RFID devices

ABSTRACT

Cooperative RFID devices are provided that are aware of other RFID devices in their near vicinity (field range), and their operational pattern depends on presence of these other devices. If a cooperative RFID device is alone in the RF field of a reader terminal, it will allow operation of a first type (e.g. not allowing complex communication, but only allowing responses to requests for non-sensitive data or completely concealing its presence by not allowing any transmission at all) and when another defined and known RFID device is detected in the same RF field, operation of a second type is allowed (e.g. allowing any data transfer, responding to requests for any data, including sensitive data, etc.).

FIELD OF THE INVENTION

The present invention relates to a method for controlling communicationin a radio frequency (RF) identification (ID) system, an RFID device andan RFID system.

BACKGROUND

The use of radio frequency identification (RFID) technology has evolvedto such an extent that it has become an every-day item used in a largenumber of applications. Examples of such uses are scanning andidentification of items/articles in boxes, identification andauthorization when requesting access to, e.g., a bank account via anATM, when requesting entry via a building entrance locked by means of anelectronic lock, e.g. a hotel room, or when starting a vehicle whoseengine starting mechanism is protected by an electronic lock. Verysimple RFID devices are used as identification tags attached to items inshops for the purpose of theft protection.

RFID devices are activated by an RF field produced by an antennaconnected to a reader/writer terminal, typically being integrated withinan access control or an authorization mechanism as exemplified above.The RFID devices comprise a control unit, which typically holds privateand proprietary information, and which is integrated in the devicetogether with a coil inductor antenna. The coil inductor antenna is usedto draw necessary supply of power for operation from the RFelectromagnetic field provided by the reader terminal. Additionally,through the same RF field the control unit is communicating modulatedinformation with the reader terminal. The mechanism is standardized asdescribed, e.g., in ISO/IEC 14443.

One of the features of RFID devices is the identification based on theunique serial number embedded in the device. It is impossible to changethat number and a manufacturer guarantees that no duplicates are everpresent. It is also a very difficult task to make a duplicate with thesame serial number.

RFID devices are configured to interact and communicate information thatis stored in internal memory with a reader terminal whenever the deviceis placed within reach of an appropriately configured RF electromagneticfield, irrespective of whether or not a user/owner of the card is awareof such an RF field being present. This means that it is difficult for auser/owner to have total control over access to the information storedin the device.

The interaction between the RFID device and the reader terminal isperformed in a query-response manner, where the reader transmitsrequests to the device, and the device responds by transmitting replydata. The content carried by such interaction may be either simple (e.g.the device identifies itself to the reader by an identifying number,ID), or complex (e.g. the device and the reader perform anauthentication scheme and exchange a session encryption key).

When multiple devices are present in vicinity of a reader, a collisiondetection protocol is used to determine the number of devices and theirIDs, so that the reader can query a specific device, indicated with itsown unique ID. When a single device is present in the field, nocollision with another occurs, and the device is able to respond to thequeries without disturbance.

That is, typical usage of RFID is oriented towards ensuring that a RFIDdevice is readable and writeable: if a device is alone in the RF field,there is no interference from other devices and the device is readableand writeable. If there are multiple devices present in the same RFfield, special communication procedures are used to make sure all tagsare readable and writeable.

A drawback with prior art RFID systems is hence that RFID devices willrespond to any legitimate read/write request from any compatible reader.Anyone equipped with a reader is able to retrieve or modify data storedin an RFID device. In areas where data security is crucial, secure,smart devices must be used to protect the data cryptographically. Thesedevices are expensive, have complex structure, and require complexsoftware on a reader for normal operation. An example of such prior artis to be found in United States Patent Application Publication2005/0099268A1, which discloses a radio frequency identification systemwith privacy policy implementation based on device classification.

SUMMARY OF THE INVENTION

An object of the present invention is hence to overcome drawbacksrelated to prior art RFID systems as discussed above. This object isachieved by way of providing cooperative RFID devices that are aware ofother RFID devices in their near vicinity (field range), and theiroperational pattern depends on presence of these other devices. If acooperative RFID device is alone in the RF field of a reader terminal,it will allow operation of a first type (e.g. not allowing complexcommunication, but only allowing responses to requests for non-sensitivedata or completely concealing its presence by not allowing anytransmission at all) and when another defined and known RFID device isdetected in the same RF field, operation of a second type is allowed(e.g. allowing any data transfer, responding to requests for any data,including sensitive data, etc.).

Hence, in a first aspect the present invention provides a method forcontrolling communication in an RFID system between a first device and areader terminal, wherein the first device performs the steps ofperforming operation of a first type, detecting whether broadcasting isperformed from at least a second device in the RFID system and therebydetermining whether a detection state exists. If the detection stateexists, the first device is configured to perform operation of a firsttype, and if the detection state does not exist, the first device isconfigured to continue only performing operation of said first type.

The operation of a first type may comprise receiving data. The operationof a first type may also comprise broadcasting a first data sequencethat may be any non-sensitive data. Operation of the second type maycomprise communication with entities in the RFID system, includingresponding to a request for an identifier of the first device. Operationof the second type may also entail operational procedures that are moreor less unrelated to communication with other entities, such as simplychanging a state within the processing environment in the devicecontroller or more tangible state changes such as changing theappearance in terms of, e.g., color of the device etc.

In other words, the invention provides an operational pattern for RFIDdevices, which may be denoted “cooperative”. That is, when a cooperativeRFID device is placed in the RF field of a reader terminal, it willoperate in a first manner, e.g. keeping silent altogether or respond tothe reader with non-sensitive data. It will continue to operate in thisfirst manner as long as it is the only RFID device present in the RFfield. When one or more other RFID device is placed in the same RFfield, the collaborative device will detect the presence of the otherdevice by listening to communication performed by the other RFID device,e.g. detecting a collision, which will occur when two or more devicesproceed to broadcast. Only then will the collaborative device allowoperation in a second manner, e.g. allowing further communication,typically involving read/write requests issued by the reader terminal,regarding more sensitive data such as an identifier of the collaborativedevice.

The invention may, for example, use already existing RFID collisiondetection mechanisms to influence the behavior of a device in thefollowing way: if a cooperative device detects no collision during itsinitial introduction by broadcasting of non-sensitive data, the devicerefuses to respond to other commands. It will keep responding to queriesfor non-sensitive data only, until a collision occurs. After a detectedcollision, the device can deduct there is another RFID device present inthe RF field, and allow further communication.

Furthermore, if the detection state exists, the invention may alsocomprise receiving at least one data item, e.g. an identifier, broadcastfrom at least the second device and configuring the first devicedepending on the received at least one data item.

In other words, a cooperative RFID device may, after detecting one ormore RFID devices in the same RF field, retrieve, by only listening, adata item such as the ID of the other devices present in the field. Thisother device does not have to be a cooperative device. The operationalbehavior of the cooperative device may be influenced by the ID of theother device: if it is a known and trusted ID, the cooperative devicewill carry on with a new type of operation, such as communication, orotherwise only continue operating by, e.g., keeping silent.

A cooperative device may hence listen to more than one other device andpick up responses from multiple devices. Then, if an appropriatecombination of devices is present in the field, a new type of operationis allowed such as data release. A cooperative device may also pick uponly some pieces of data, or follow more or less complex algorithms todeduct if an appropriate combination of devices is really present in thevicinity.

A cooperative device can be made to work only in presence of a certainother RFID device, or a group of devices (i.e. “trusted” devices),therefore restricting the access to its stored data based on a presenceprinciple.

Hence, the step of enabling said first device to perform operation of asecond type may comprise providing a first and/or a second type ofaccess to data storage means in the first device. These types of accessmay be those of read access and write access, respectively.

Furthermore, the step of receiving at least one data item, such as anidentifier, may comprise receiving a plurality of data items from aplurality of respective devices and the configuring of the first devicemay comprise providing a first type of access to the storage means incase a first data item is received and providing a second type of accessto the storage means in case a second data item is received.

In other words, depending on the data item, such as the identity, ofother RFID devices present in the same RF field, a cooperative devicemay regulate access to data in its storage means based on privilegesassociated with the data items of these other RFID devices. For example,a cooperative device may grant read-only access to stored data when adevice with ID1 is present, write-only access when a device with ID2 ispresent, read-write access to stored data when a device with ID3 ispresent, etc.

Hence, in an advantageous manner the present invention provides a dataprotection mechanism based on the principle of presence of trusted RFIDdevice(s) in vicinity, which allows data release. Reader terminals areunable to retrieve or modify data stored on the RFID device, unless thedevice verifies data release conditions. When such conditions are met(trusted devices are present), even a simple already existing readerterminal is able to access data stored in the RFID device withoutrestrictions. If necessary, any restriction and any access policy can beachieved on individual device basis, however at the cost of increasingthe complexity of the cooperative device.

Moreover, since there is no specific need for cryptographic protocolsduring communication as discussed above, the controlling softwarerunning in the reader terminal may be relatively simple. The logicrunning on a cooperative RFID device may also be realized in quite asimple manner, for example in that existing collision detectionmechanisms are used.

In other aspects, the present invention provides an RFID device as wellas an RFID system, having corresponding features and advantages asdescribed above.

BRIEF DESCRIPTION OF THE DRAWINGS

The invention will now be described in terms of preferred embodimentsand with reference to the attached drawings on which:

FIG. 1 schematically shows an RFID system,

FIGS. 2a and 2b schematically show an RFID system configured to operatein accordance with the present invention,

FIG. 3 is a flow chart illustrating a method of controllingcommunication in an RFID system according to the present invention,

FIG. 4 schematically show an RFID system configured to operate inaccordance with the present invention, and

FIG. 5 is a flow chart illustrating a method of controllingcommunication in an RFID system according to the present invention.

PREFERRED EMBODIMENTS

A typical RFID system 100 is schematically depicted in FIG. 1. An RFIDreader/writer terminal 104 generates, and transmits via an antenna 116,an RF electromagnetic field 117 having an outer boundary 117′ asindicated in FIG. 1. The boundary 117′ of the RF field is to beinterpreted not as a boundary at which RF field strength is at aspecific level, but as a boundary within which communication with RFIDdevices is possible. Within the RF field 117 is an RFID device 102located. The RFID device, which may be in the form of a contact-lesssmart card, a tag etc., comprises a coil antenna 114 configured tointeract with the RF field 117 by receiving RF energy and conveymodulated data from the reader/writer terminal 104. The antenna 114 isconnected to an RFID device control unit 110, which comprisesprogrammable circuitry for executing firmware and software instructionsfor controlling communication with the reader/writer terminal 104 aswell as performing any necessary processing including receiving data,processing data and storing data in a storage unit 112. Hence, thestorage unit 112, which is connected to the control unit 110, holds datacomprising at least a unique identifier of the RFID device 102 and alsoany other information that is application dependent, as will beexemplified below.

The RFID reader/writer terminal 104 forms part of the system 100 inwhich a control computer system 106 operates to provide and receive datafrom, typically, a plurality of RFID devices such as the device 102. Ina typical application, the control computer system 106 operates in anapplication specific manner as will be exemplified below.

Turning now to FIGS. 2a, 2b and FIG. 3 an RFID system 200, such as thesystem 100 described with reference to FIG. 1, will be described thatoperates in accordance with the present invention.

FIG. 2a illustrates a situation at a first point in time when areader/writer terminal 204 generates an RF field having a boundary 201within which a first RFID device 202 is located. A first communicationchannel 203 is indicated between the reader/writer terminal 204 and thefirst RFID device 202. A second RFID device 220 is located outside theboundary 201 of the RF field and is hence not capable of communicatingwith the reader/writer terminal 204.

FIG. 2b illustrates a situation at a second point in time at which thereader/writer terminal 204 continues to generate the RF field and thefirst RFID device remains in connection 203′ with the reader/writerterminal 204. However, at this second point in time, the second RFIDdevice 220 has been relocated to a position within the boundary 201 ofthe RF field generated by the reader/writer terminal 204. Hence, asecond communication channel 205 is present, between the reader/writerterminal 204 and the second RFID device 220. As will be discussed inmore detail below, by the relocation of the second RFID device 220 intothe RF field generated by the reader/writer terminal 204, a thirdcommunication channel 207 arises between the first device 202 and thesecond device 220.

Now with reference to the flow chart in FIG. 3 as well as to FIGS. 2aand 2b , a method of controlling communication between the entitiesillustrated in FIGS. 2a and 2b will be discussed. The method isdescribed from the point of view of the first RFID device 202 andexecution of software instructions implementing the method is performedby a controller and associated memory circuitry in the first device 202.Although not explicitly illustrated in FIGS. 2a and 2b , such circuitryis similar to the circuitry of the RFID device 102 described withreference to FIG. 1.

In an operating step 301 and a detection step 303 the first RFID device202 performs a first type of operation by either keeping silent (andthereby concealing its presence) or repeatedly broadcastingnon-sensitive data such as a random data sequence, triggered by thereader/writer terminal 204 via the RF field as is known in the art, anddetects whether or not any other entity broadcasts data, such as an ID,in the RF field. If the device 202 detects another entity broadcasting,e.g. detects a broadcast collision, the operation of the device 202continues to a verification step 305. During the verification step 305,the controller (not shown in FIG. 2) verifies that the other entitypresent in the RF field is correct. If not correct, the sequence ofsteps returns to step 301. If the other entity is verified in step 305,the sequence of steps continues in an enabling step 307 and establishesthat operation of a second type is to be allowed by continued executionof operational instructions. During the continued execution the device202 receives, during a reception step 309, from the reader/writerterminal 204, via the modulated RF field, a command to perform aspecific operation. The specific operation is, of course, applicationspecific and may entail reading protected data stored in the RFID device202, e.g. sensitive data such as an identifier, and conveying this datato the reader/writer terminal 204 as will be exemplified below. Thespecific command is then executed in an execute command step 311.

FIGS. 4 and 5 will illustrate another example of the present inventionin which a first RFID device performs a specific operation only when twoother devices have been brought into the RF field of an RFID readerterminal.

FIG. 4 illustrates a situation in a system 400 similar to that in FIG.2b . That is, FIG. 4 illustrates a situation at a point in time at whicha reader/writer terminal 404 has continued to generate an RF field asdefined by a boundary 401, and a first RFID device 402 remains inconnection 403 with the reader/writer terminal 404. Moreover, at thispoint in time, a second RFID device 420 and a third RFID device 430 havebeen brought to a respective position within the boundary 401 of the RFfield generated by the reader/writer terminal 404. Hence, a second and athird communication channel 405, 411 are present, between thereader/writer terminal 404 and the second and third RFID devices 420,430, respectively. Further, similar to the situation in FIG. 2b , afourth and fifth communication channel 407, 409 have also beenestablished between the first and the second device 402, 420 and thefirst and third device 402, 430, respectively.

The second and third RFID devices 420, 430 may also be connected via acommunication channel. However, for the purpose of this example,description of such a channel is omitted for the sake of clarity.

Turning now to FIG. 5, in an operating step 501 and a detection step 503the first RFID device 402 performs a first type of operation by eitherkeeping silent (and thereby concealing its presence) or repeatedlybroadcasting non-sensitive data such as a random data sequence,triggered by the reader/writer terminal 404 via the RF field as is knownin the art, and detects whether or not any other entity also broadcastsdata, such as an ID, in the RF field. If the device 402 detects anotherentity broadcasting, i.e. detects broadcasting from any of the seconddevice 420 and the third device 430, the operation of the device 402continues to a verification step 505. During the verification step 505,the controller (not shown in FIG. 4) verifies that the other entitypresent in the RF field is the second device 420 by checking it'stransmitted data. If not correct, the sequence of steps returns to step501.

If the other entity is verified to be the second device 420 in step 505,the sequence of steps continues in a command reception step 507 duringwhich the device 402 receives from the reader/writer terminal 404 acommand to perform a specific type of operation, such as providingspecific stored data having a first level of access restrictions, e.g.more sensitive data such as an identifier. Thereby, the presence in theRF field of the second device 420 enables access for the reader/writerterminal 404 to the first access level data stored in the first device402. The reader/writer terminal 404 is then provided with the data in atransmission step 509.

Unless the device 402 detects, in a detection step 511, broadcastingfrom any other device, command reception and data transmission in steps507 and 509, respectively, continues. If the device 402 detects anotherentity broadcasting, i.e. detects broadcasting from any of the seconddevice 420 and the third device 430, the operation of the device 402continues to a second verification step 513. During the verificationstep 513, the controller (not shown in FIG. 4) verifies that the otherentity present in the RF field is the third device 430 by checking it'stransmitted data. If not correct, the sequence of steps returns to step507 and access to data at the first access level is maintained.

If the other entity is verified to be the third device 430 in step 513,the sequence of steps continues in a command reception step 515 duringwhich the device 402 receives from the reader/writer terminal 404 acommand to perform a specific type of operation, such as providingspecific stored data having a second level of access restrictions. Suchdata may include data that is more sensitive than data having the firstlevel access restriction. Thereby, the presence in the RF field of thethird device 430 enables access for the reader/writer terminal 404 tothe second access level data stored in the first device 402. Thereader/writer terminal 404 is provided with the data in a transmissionstep 517.

The examples above are schematically described embodiments of thepresent invention. These are applicable within a large number ofspecific application environments where a simple and inexpensivesolution for protection of data stored on an RFID device is needed.

For example, in an application involving postal package tagging,cooperative tags may contain “public” information about the destinationaddress, and “private” information about the sender and contents. The“private” information being accessible only by security or customsofficials in case of suspicious packages.

Another area of application is that of covert serial numbering ofproducts: an RFID tag can release “public” data comprising informationregarding a manufacturer of the product to any reader, but in presenceof a secret manufacturer's RFID device, e.g. in the form of acontact-less smart card, will release additional information such as a“private” serial number, which can allow a detailed tracking of theproduct, e.g., during it's progress along a sales chain.

Yet another area of application is as a guard of privacy: a cooperativeRFID tag can be used to store all personal information (name,photograph, address, etc.), but this data will be only released inpresence of government security official (e.g. during passport control).

Yet another are of application in which RFID devices that conceal theirpresence may be used, is tagging of personal items. The items wouldrespond with their unique identifiers and data only in presence of theirowner's RFID device, trusted to the group of tags. The items wouldn'tappear as equipped with RFID devices otherwise, which would render e.g.unsolicited item tracking useless. Privacy protection as offered by thisapplication area is a valuable feature that existing solutions oftenlack.

The invention claimed is:
 1. A method for controlling communication in aradio frequency identification (RFID) system between a first RFID deviceand a reader/writer terminal, comprising: performing by the first RFIDdevice an operation of a first type, determining whether a detectionstate exists by detecting whether broadcasting is performed from atleast a second RFID device in the RFID system, and when said detectionstate exists, allowing said first RFID device to perform operation of asecond type, said operation of a second type being different from saidoperation of a first type, said operation of a second type includingresponding to a request from said reader terminal for an identifier ofsaid first RFID device; when said detection state exists, receiving atleast one data item broadcast from at least said second RFID device andconfiguring said first RFID device to operate depending on said receivedat least one data item; and receiving a plurality of data items from aplurality of respective RFID devices.
 2. The method according to claim1, wherein said first RFID device is arranged to continue performingoperation of said first type only, when said detection state does notexist.
 3. The method according to claim 1, wherein said operation of afirst type comprises receiving data.
 4. The method according to claim 1,wherein said operation of a first type comprises broadcasting a firstdata sequence.
 5. The method according to claim 1, wherein saidoperation of a second type comprises communication with a device in theRFID system.
 6. The method according to claim 1, wherein said data itemcomprises an identifier.
 7. The method according to claim 1, furthercomprising providing a first type of access to data storage in saidfirst RFID device.
 8. The method according to claim 7, furthercomprising providing a second type of access to data storage in saidfirst RFID device.
 9. The method according to claim 1, wherein theconfiguring of said first RFID device comprises providing a first typeof access to storage when a first data item is received and providing asecond type of access to said storage when a second data item isreceived.
 10. The method according to claim 8, wherein said first typeof access is read access and said second type of access is write access.11. The method according to claim 1, wherein said operation of a secondtype comprises changing a state of the first RFID device.
 12. An a radiofrequency identification (RFID) device comprising: control andcommunication circuit configured to perform operation of a first type,to determine whether a detection state exists by detecting whetherbroadcasting is performed from at least a second RFID device, when saiddetection state exists, to allow said RFID device to perform operationof a second type, said operation of a second type being different fromsaid operation of a first type, said operation of a second typeincluding responding to a request for an identifier; when said detectionstate exists, receiving at least one data item broadcast from at leastsaid second RFID device and configuring said first RFID device tooperate depending on said received at least one data item; and receivinga plurality of data items from a plurality of respective RFID devices.13. The RFID device according to claim 12, said RFID device beingarranged as an RFID tag.
 14. The RFID device according to claim 12, saidRFID device being arranged as an RFID transponder.
 15. The RFID deviceaccording to claim 12, said RFID device being arranged as a contact-lesssmart card.
 16. A method for controlling communication in a radiofrequency identification (RFID) system between a first RFID device and areader/writer terminal, comprising: receiving by said first RFID a firstquery from said reader/writer terminal; transmitting a first response bysaid first RFID to said first query, said first response being of afirst type in accordance with operation of said first RFID device in afirst mode that has limited functionality; when a collision is detectedby said first RFID device to have occurred between said first responseand a response to said first query by a second RFID device of said RFIDsystem, operating said first RFID device in a listen-only mode for aprescribed period of time to enable said first RFID device to receive atleast one data item transmitted from at least said second RFID device inresponse to a second query from said reader/writer terminal to whichsaid first RFID device will not respond; and when at least one data itemis received by said first RFID device from said second RFID device inresponse to said second query and said second data item is recognized bysaid first RFID device as indicating that said first RFID device shouldoperate in a second mode having functionality other than that availablein said first mode, operating said first RFID device in said secondmode.
 17. A method for controlling communication in a radio frequencyidentification (RFID) system between a first RFID device and areader/writer terminal, comprising: performing by said first RFID devicean operation of a first type; determining whether a detection stateexists by detecting whether broadcasting is performed from a second RFIDdevice in said RFID system; when said detection state exists, allowingsaid first RFID device to perform an operation of a second type, saidoperation of a second type being different from said operation of afirst type, said operation of a second type including responding to arequest from said reader/writer terminal for an identifier of said firstRFID device; and when said detection state exists, receiving by saidfirst RFID device at least one data item broadcast from each of aplurality of respective RFID devices and configuring said first RFIDdevice to operate depending on said received data items.
 18. The methodaccording to claim 17, wherein said second RFID device is one RFIDdevice of said plurality of RFID devices.